<?php



/**
 * @author ValeBonus.com
 * @version 1.0
 * @created 02-dez-2013 23:36:28
 */
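class AppController extends Controller {

	/**
	 * Helpers loaded for every controller.
	 */
	public $helpers = array('Html', 'Form');

	/**
	 * Components loaded for every controller.
	 *
	 * Auth is configured with the 'Controller' authorize handler, so every
	 * request that is not explicitly opened with Auth->allow() ends up in
	 * isAuthorized() below.
	 */
	public $components = array(
		'Session',
		'Auth' => array(
			'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
			'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
			'authorize' => array('Controller')
		)
	);

	/**
	 * Action names a 'usr' role may run on any controller. Everything else
	 * is denied for that role; the 'adm' role bypasses this list entirely.
	 * Subclasses may override the property to widen or narrow the list.
	 *
	 * @var array
	 */
	protected $_userActions = array('index', 'view', 'login', 'logout');

	/**
	 * Opens the JSON actions consumed by the Android client before any
	 * controller action runs.
	 *
	 * NOTE(review): because this allow() lives in AppController it applies
	 * to every controller that defines an action with one of these names,
	 * and those responses skip isAuthorized() as well. Confirm that none of
	 * them returns data that should be restricted to a logged-in user.
	 */
	public function beforeFilter() {
		parent::beforeFilter();
		$this->Auth->allow('jsonlist', 'jsonview', 'jsonqueryperinterest');
	}

	/**
	 * Controller-level authorization callback used by the Auth component.
	 *
	 * 'adm' may run any action; 'usr' may run only the actions listed in
	 * $_userActions; anyone else (including a user record without a role)
	 * is denied and shown a flash message. On success the logged-in user's
	 * id is exposed to the view as 'auth_user_id'.
	 *
	 * NOTE(review): the decision is made on the action name only. For the
	 * 'usr' role, 'index' and 'view' are granted on every controller and for
	 * every record id, so any ownership check on individual records has to
	 * be enforced inside the actions themselves.
	 *
	 * @param array $user The currently authenticated user record.
	 * @return bool True when the current action is allowed for $user.
	 */
	public function isAuthorized($user) {
		$role = isset($user['role']) ? $user['role'] : null;

		// Strict comparisons throughout: a role like '0' or an action name
		// that merely loosely compares must never grant access.
		$allowed = ($role === 'adm')
			|| ($role === 'usr' && in_array($this->action, $this->_userActions, true));

		if ($allowed) {
			$this->set('auth_user_id', $this->Auth->user('id'));
			return true;
		}

		$this->Session->setFlash(__('Você não tem permissão para realizar essa ação! Contate o Administrador'), 'flash_error');

		// Default deny.
		return false;
	}

}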
?>